Check Point Research has published its latest Brand Phishing Report, covering the first quarter of 2025. The report highlights the brands most frequently impersonated by cybercriminals seeking to steal personal, corporate and payment information, underlining the constant evolution of phishing attacks in the digital era.

In the first quarter of 2025, Microsoft remained the most imitated brand, accounting for 36% of all phishing attempts. Google took second place with 12%, while Apple stayed in the top three with 8%. Notably, Mastercard returned to the ranking in fifth position, having not appeared in the top 10 since the third quarter of 2023. The technology sector was once again the most impersonated, followed by social networks and retail.

“Phishing attacks that take advantage of trusted brands continue to represent one of the main threats. The return of Mastercard to the first positions highlights the interest of cybercriminals for supplant Data Research Director at Check Point Software.

Most imitated brands in phishing attacks in the first quarter of 2025

1. Microsoft (36%)

2. Google (12%)

3. Apple (8%)

4. Amazon (4%)

5. Mastercard (3%)

6. Alibaba (2%)

7. WhatsApp (2%)

8. Facebook (2%)

9. LinkedIn (2%)

10. Adobe (1%)

Phishing campaign aimed at Mastercard users

One of the most prominent campaigns of the quarter was a rise in fraudulent sites aimed at Mastercard users. In February, web pages designed to imitate the official Mastercard site were identified, mainly targeting users in Japan. The objective of these sites was to steal sensitive financial information such as card numbers and CVV codes. Some of the identified domains were:

· Mastercard-Botan (.) Aluui (.) CN

· Mastercard-Pitiern (.) GMKT6Q (.) CN

· Mastercard-Orexicos (.) BVSWU (.) CN

· Mastercard-Transish (.) GMKT7E (.) CN

Although these domains are no longer active, their proliferation underlines the interest of cybercriminals in impersonating financial institutions, and reminds users of the importance of verifying the legitimacy of the platforms they use for financial transactions.

Another significant campaign detected this quarter involved a fake login page that imitated Microsoft OneDrive. The fraudulent domain Login (.) OneDrive-Micrasoft (.) Com was designed to replicate the appearance of the official Microsoft portal in order to trick users into entering their credentials, including email addresses and passwords. This tactic shows how cybercriminals continue to refine their use of legitimate-looking pages to compromise user security.
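Both campaigns above rely on a brand name appearing in a hostname that the brand does not own, either spelled exactly (the Mastercard domains) or one character off (OneDrive-Micrasoft). The following check is an added example, not part of the Check Point report; the BRANDS allow-list, the function names and the one-edit threshold are assumptions made for illustration.

```python
import re

# Assumption: illustrative, non-exhaustive map of brand -> domains it really owns.
BRANDS = {
    "mastercard": {"mastercard.com"},
    "microsoft": {"microsoft.com"},
    "onedrive": {"microsoft.com", "live.com"},
}

def refang(indicator):
    """'Login (.) OneDrive-Micrasoft (.) Com' -> 'login.onedrive-micrasoft.com'."""
    return re.sub(r"\s*[\(\[]\.[\)\]]\s*", ".", indicator.strip()).lower()

def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def brand_hits(indicator):
    """Sorted (brand, kind) pairs for brand names used on a domain the brand does not own."""
    labels = refang(indicator).split(".")
    registrable = ".".join(labels[-2:])  # simplification: no public-suffix list
    # Split every label except the TLD on '-' and '_' to get candidate brand tokens.
    tokens = [t for label in labels[:-1] for t in re.split(r"[-_]", label) if t]
    hits = set()
    for brand, owned in BRANDS.items():
        if registrable in owned:
            continue  # hostname sits under a domain the brand owns
        for tok in tokens:
            if tok == brand:
                hits.add((brand, "exact"))
            elif edit_distance(tok, brand) == 1:
                hits.add((brand, "lookalike"))  # one-character misspelling
    return sorted(hits)

if __name__ == "__main__":
    # Indicators as printed on this page, plus one constructed legitimate hostname.
    for sample in ["Mastercard-Botan (.) Aluui (.) CN",
                   "Login (.) OneDrive-Micrasoft (.) Com",
                   "www.mastercard.com"]:
        print(refang(sample), brand_hits(sample))
```

A production check would use a public-suffix list to find the registrable domain and would also handle homoglyph and punycode variants, which this example does not.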

SECTOR TRENDS: The rise of attacks on the technological sector

The technology sector was again the most affected by phishing attacks in the first quarter of 2025. As both companies and consumers rely increasingly on digital and cloud services, these platforms become recurring targets for attackers. Companies such as Microsoft, Google and Apple were the most imitated, although attacks aimed at social media platforms such as Facebook, LinkedIn and WhatsApp were also observed, as well as at large e-commerce sites such as Amazon.